On the most basic level, I understand that password managers like LastPass or 1Password use the user’s password to encrypt their vault. What other approaches are used to protect the vault? Do they use a key-derivation function to create a token that is used as the encryption key instead?
And in the age of other solutions for logging in, how is this approach adapted? What about if the app is enterprise and the user logs in via SSO instead? How about passkeys?